Recently Browsing 0 members
No registered users viewing this page.
We are developing an App that sends data over the Internet to ProcessWire (POST/JSON). We want password to be protected somehow when sending it, but I should be able to compare it to PW's passwords. We were thinking of using md5 encryption, but PW uses different encryption.
How can I be sure that user has active account when they use the App?
Originaly developped by Jeff Starr, Blackhole is a security plugin which trap bad bots, crawlers and spiders in a virtual black hole.
Once the bots (or any virtual user!) visit the black hole page, they are blocked and denied access for your entire site.
This helps to keep nonsense spammers, scrapers, scanners, and other malicious hacking tools away from your site, so you can save precious server resources and bandwith for your good visitors.
How It Works
You add a rule to your robots.txt that instructs bots to stay away. Good bots will obey the rule, but bad bots will ignore it and follow the link... right into the black hole trap. Once trapped, bad bots are blocked and denied access to your entire site.
The main benefits of Blackhole include:
Bots have one chance to obey your site’s robots.txt rules. Failure to comply results in immediate banishment.
Disable Blackhole for logged in users Optionally redirect all logged-in users Send alert email message Customize email message Choose a custom warning message for bad bots Show a WHOIS Lookup informations Choose a custom blocked message for bad bots Choose a custom HTTP Status Code for blocked bots Choose which bots are whitelisted or not
Install the module Create a new page and assign to this page the template "blackhole" Create a new template file "blackhole.php" and call the module $modules->get('Blackhole')->blackhole(); Add the rule to your robot.txt Call the module from your home.php template $modules->get('Blackhole')->blackhole(); Bye bye bad bots!
By Robin S
Adds a password generator to InputfieldPassword.
Install the Password Generator module.
Now any InputfieldPassword has a password generation feature. The settings for the generator are taken automatically from the settings* of the password field.
*Settings not supported by the generator:
Complexify: but generated passwords should still satisfy complexify settings in the recommended range. Banned words: but the generated passwords are random strings so actual words are unlikely to occur.
Apologies if this has been asked in the past. We have a test site setup and running on HTTPS with redirect from HTTP. The site is protected from DDoS and arbitrary malicious attack by CloudFlare. From what I can see the administrative login page is still vulnerable to dictionary attacks. Clearly disabling the admin account and the use of strong passwords are two methods to minimise the success of such attacks. Questions:
1. Is it possible to rename the /processwire URL?
2. Is there any two factor support out there? I've checked out Duo and Okta, however PW is not supported?
3. Is there anyway to add CAPTCHA or second factor security questions to the login process?
4. Is there any form of anti-hammer available? For example, repeated failed login attempts from the same source are blocked for a period of time after a finite number of failures?
Any other suggestions gratefully appreciated.